The operators of blackmail viruses have been actively looking for new niches to target over the past years. The sad truth in this regard is that entities like educational institutions, healthcare organizations and even law enforcement agencies are low-hanging fruit to these attackers. One of the latest onslaughts demonstrates this unsettling susceptibility. In mid-April 2018, an unidentified ransomware strain hit the computer network of the Leominster Public School District in Massachusetts. While the details of the specific attack vector remain undisclosed at the time of writing, the most likely entry point was a phishing email opened by one of unsuspecting staffers. Ultimately, the district officials have admitted to paying $10,000 worth of Bitcoin to regain access to the proprietary records.
According to the local police that’s investigating the incident, the school didn’t maintain an offsite data backup. That’s very poor security hygiene that makes users and companies incur serious losses in various information security incursions and data breaches. As a result, part of the target’s network was locked down as the malicious code applied a strong cipher to encrypt the most common types of files spotted on the host servers.
According to some unconfirmed reports, the troublemaking program might be the infamous WannaCry ransomware, which broke out worldwide in May 2017 and crippled numerous computer networks, including government-related ones and those belonging to industry giants. Some organizations had to rebuild entire segments of their infrastructure from scratch to recover from this massive attack. The UK’s National Health Service exemplifies the harsh impact as about 70,000 of its devices were affected.
The involvement of WannaCry in the Leominster case is a mere speculation, though. If it holds true, the attack probably tool place via unpatched software exploited in a furtive way. One way or another, although the FBI and security professionals advise against submitting ransoms in scenarios like that, the school district elected the lesser of two evils. The officials followed the crooks’ demands and coughed up the negotiated amount of cryptocurrency.
In summary, crypto ransomware continues to be a serious concern, and organizations are much better off keeping file backups to avoid the damage.
Con artists are homing in on users’ social network accounts via phishing messages disguised as verification requests or copyright infringement alerts.
Social networks such as Facebook, Instagram, Twitter, and TikTok boast huge user audiences and therefore increasingly lure online scammers. By obtaining credentials for numerous accounts, threat actors can mishandle the unauthorized access to perpetrate fraudulent initial coin offerings (ICOs) or controversial propaganda. In some cases, crooks simply sell these details on hacker forums.
Unsurprisingly, social network accounts have become a pricey asset in the cybercriminal circles and need to be safeguarded accordingly. Since early August 2020, security researchers have been observing a spike in phishing stratagems that zero in on social network users.
The two dominant forms of these scams are described below. Go over the information to identify these hoaxes if they happen to hit you.
(more…)
A recent report presented recently by IT-security company Carbon Black stresses a 2,500 % increase in the ransomware Dark Net industry, matched against the previous year.
The study supports numerous forecasts expressed by the majority of info-security specialists a year ago who said ransomware would likely have an essential role in all types of cyber-crime and get the biggest market share.
To collect information for this report, experts scanned the Dark Net for communities and sites offering and advertising all ransomware related products and services.
Researchers found approximately 6,200 spots where criminals had offered their services with the help of more than 44,000 ads.
Rates are varying greatly, from $1 to $4,000. The price variance is determined by different economic models crooks select to sell their goods. Some charge on a per-sample basis when others prefer monthly subscription plans.
Comparing 2016 and 2017, the ransomware economy has exploded from $250,000 to $6,230, 000, a rate of 2,500%, researchers note in their report. These extortion schemes get enormous ransom payouts that totaled in $1B in 2016. Earlier in 2015, it was $24M.
Ransomware-as-a-Service (RaaS) is the main driving force of the ransomware economy. Big and small RaaS portals started to appear in early 2017. These RaaS sites are all different and each works in its price niche. For instance, you can find RaaS portals offering all-in-one solutions. Some portals offer only minimal number of services. Finally, there are individual sellers who offer just the ransomware code.
Multi-function RaaS services provide the ransomware executable file itself, they also offer delivery mediums like botnets and exploit kits. In addition, you can get a payment portal to manage ransoms. On top of that, you can rent customer support team. All of this is available from a convenient web-based admin panel.
Reduced service RaaS sites supply the ransomware file, and just a couple of the services above, typically at more affordable prices.
Finally, there are private sellers who are virus writers. They sell just the ransomware file and allow clients to manage the rest. Some ransomware writers earn more than $150,000 a year. That is much more than the standard salary of a legal software developer.